diff --git a/rules/linux/lnx_install_root_certificate.yml b/rules/linux/lnx_install_root_certificate.yml
index c6e9be9a2..702a3e80c 100644
--- a/rules/linux/lnx_install_root_certificate.yml
+++ b/rules/linux/lnx_install_root_certificate.yml
@@ -14,12 +14,14 @@ detection:
 - CommandLine|contains|all:
 - 'mv '
 - '/usr/local/share/ca-certificates'
- - 'update-ca-certificates'
 selection2:
+ - ProcessName|contains:
+ - 'update-ca-certificates'
+ selection3:
 - CommandLine|contains|all:
 - 'cp '
 - 'rootCA.crt'
 - 'update-ca-trust'
- condition: selection or selection2
+ condition: (selection and selection2) or selection3
 falsepositives:
 - Legitimate administration activities
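Review bot: The new `(selection and selection2)` branch looks unsatisfiable when the rule is evaluated per event, because an event whose `CommandLine` contains `mv ` and `/usr/local/share/ca-certificates` belongs to an `mv` or shell process, not to one whose name contains `update-ca-certificates`. If the goal is to catch the file move and the trust-store refresh as separate processes, that needs a backend correlation over both events; otherwise keep a single-command-line branch for the shell one-liner case so the rule does not silently stop firing. `ProcessName` is also not the field the other selections use; assuming the logsource (above this hunk, not visible) is `process_creation`, `Image|endswith: '/update-ca-certificates'` is the conventional form. Since the tool is typically a script, the image may be the interpreter, so `CommandLine|contains` is likely the more reliable match. The `detection:` block and the `selection` key start outside the hunk.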